Here's what needs to be taken away from this though: Dictionary generation should be decoupled from the actual brute force operation.

So, OP, this isn't a brute forcer at all. This is a limited dictionary generator. In order to use a program like this you'll have to learn how to program. From there, you can ask more specific questions.

by Nostalgiia on Wed Nov 17, 2010 7:01 pm ([msg=49051]see second times the charm?[/msg])

...merged...

hi. i posted a thread (right underneath this one) that ended up getting locked. let me start out by saying, please read the original post, and ignore the rest.

Summary: I found some code that didn't run, i made it run. The issue is not weather or not i can make it run, but whether or not i can implement it successfully. It runs in idle (the Python GUI) but i want to input the results into something useful, say a login form? please dont post useless nonsense. im just wondering if there is a module i am unaware of that will implement the code into said form or if i have to find an executable exploit

I quit after an hour and 20 minutes (timed from a stop watch) I got to b@Ed as my guess

Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook

I'm not 100% sure, but I think what OP is aiming at is how he would use this program to crack a login form on a website...

... and here's my best guess:You will need to obtain the hash of a password from one of the users of the website first. This is because a bruteforcer will normally create billions of strings that take a long time to generate by itself, and that will take an eternity to type into a form and click 'submit'.

So what you would need to do is to obtain an encrypted password. This could get you a username and a password hash. Next you need to figure out what encryption method is used, for example MD5.

THEN and only then, can you make the code encrypt each string to MD5 and compare it to the password hash you obtained from the attack on the website. One day in a thousand years, your program will pop up and say "The password is xxx" and you can log into the now long-gone website

If you would be able to do the SQL attack, there is a much higher chance you'd find the password by Google-ing the hash than by using a brute-forcer.

If you definitely want a brute forcer, I'd go for a different language than Python. Not that it really matters, considering that any password with more than 6 characters would take an incredibly long time to crack.

Muskelmann098 wrote:... and here's my best guess:You will need to obtain the hash of a password from one of the users of the website first. This is because a bruteforcer will normally create billions of strings that take a long time to generate by itself, and that will take an eternity to type into a form and click 'submit'.

You don't necessarily need a hash. The easy way would be to automate form submission and test one password variant on x number of users. This is what I believe "RevengeDriven" did.

That's assuming he's even doing something over the web; we're left to guess as he didn't give us much info to use as to what he hoped to do with this.

"I'm going to get into your sister. I'm going to get my hands on your daughter." ~Gatito